How do I locate the app generating this network traffic?
Posted
by
Christopher Bartels
on Super User
See other posts from Super User
or by Christopher Bartels
Published on 2012-06-16T00:53:52Z
Indexed on
2012/06/16
3:18 UTC
Read the original article
Hit count: 654
networking
I don't know what this process is doing on my computer. I run Windows 7 Professional w/ all its updates running current non-free antivirus.
I only see it in Resource Monitor, where you can see the Network Service process connected to bitum.nnov.ru.
When my PC's network traffic generating apps are idle, this process is using the most of all the idle processes using the network.
Screenshot hosted here: http://sss.proinbox.com/bitum-nnov-ru.jpg
Does anyone recognize this?
The page source mentions a control port & a stream port:
Page Source for http://bitum.nnov.ru :
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>DVR WebViewer</title>
<meta http-equiv="Content-Type" content="text/html; charset=euc-kr">
</head>
<body topmargin="0" leftmargin="0">
<OBJECT
classid="clsid:EE479A40-C128-40DD-93DA-000556AF9607"
codebase="CtrWeb.cab#version=1,0,2,2"
width=875
height=585
align=center
hspace=0
vspace=0
>
<param name="CmdPort" value="5920">
<param name="StreamPort" value="5921">
</body>
</html>
When I google this page's title, I see a number of other domains that host the same page.
Whois:
domain: NNOV.RU
nserver: ns.kis.ru.
nserver: ns.nnov.ru. 78.25.80.210
nserver: ns1.kis.ru.
nserver: ns2.kis.ru.
state: REGISTERED, DELEGATED, VERIFIED
org: "Agentstvo Delovoj Svjazi", Ltd
registrar: RU-CENTER-REG-RIPN
admin-contact: https://www.nic.ru/whois
created: 1996.10.23
paid-till: 2012.11.01
free-date: 2012.12.02
source: TCI
Last updated on 2012.06.16 04:20:46 MSK
© Super User or respective owner
